Fixes for two common ‘pseudo’ rootkits (they hide malware but not themselves). Frequently flagged by avast! as Win32:Trojan-gen. {Other}
msdirectx.sys
http://forum.avast.com/index.php?topic=14618.msg142666#msg142666
rdriv.sys
http://forum.avast.com/index.php?topic=16788.msg142660#msg142660
Thanks to noahdfear
Could we make this a sticky?
DavidR
October 19, 2005, 1:17pm
2
I second making this a sticky, or having it included in an existing sticky if suitable, as rootkits hiding malware are now well established and not just a concept.
Hi ye all,
Yes, there are loads of postings all coming down to the topic of this one sticky. Why not refer to this one for postings on WIN32:TROJAN-GEN (OTHER)?
polonus
system
October 19, 2005, 5:04pm
4
Yesterday I got that virus, with the name xpjava.exe, in the userinit section.
I sent it to avast.
I removed it by resetting the attributes and renaming the file.
After the reboot the computer was clean, and I was able to delete the renamed file.
Thanks to AVAST, which has an operation blocker that was very useful for finding which program was creating “msdirectx.sys”.
Which operation blocker?
Do you mean a behavior blocker, or just that avast! detected the virus on-access and did not allow it to run?
system
October 20, 2005, 8:10am
6
“behavior blocker” blocks on Open, Write, Delete, Format, Create operations
Here is one article about protection from those Rbots:
http://www.networkworld.com/newsletters/bug/2005/0926bug2.html
system
October 21, 2005, 5:47pm
7
For CREDIBLE rootkit detection, use the FREE RootkitRevealer from www.sysinternals.com. If a scan shows anything, go to the forum(s) of your antispyware provider and seek assistance. Before using that program, make sure you have just deleted your Temporary Internet Files.